Spacer Sidebar Directory Map

The Training Book, the handbook for trainers

Training Express computer learning guides

 

ITrain - International Association of Information Technology Trainers

Microsoft IIS 5.0 Bug

Windows 2000 servers vulnerable to attack

ITINFO Sponsor

New Release: The Training Book

ITrain has limited pre-release copies of a brand new book for trainers: The Training Book, the handbook for trainers.

Through an in-depth exploration of 67 technical articles this book presents the most important skills that lead to success as a professional trainer, The Training Book demonstrates quickly and succinctly the steps you must take to become a great trainer.

Order your copy today!

Internet Poll
Have you attended a seminar via e-learning?
yes
no

poll archive

Microsoft IIS 5.0 Opens Security Hole in Windows 2000

by Dave Murphy
ISSN 1535-3613

Dave Murphy, DGL President & ITrain founder Microsoft Corp. confirmed today that their webserver, IIS 5.0, opens a security hole in Windows 2000 (W2k) servers. Both W2k Server and W2k Advanced Server are affected by the bug, and an security patch is available from Microsoft. W2k Datacenter Server is hardware specific and security patches may be available from the OEM (Original Equipment Manufacturer).

An ISAPI extension which implements the Internet Printing Protocol (IPP), is at the root of the problem. IPP is a neat feature of W2k that grants permission to submit print jobs via HTTP to another PC connected to the Internet.

The ISAPI extension contains an unchecked buffer which enables a remote attacker to create a buffer overrun. The attacker can then submit code which would run in the Local System security context. By gaining Local System privileges, an attacker can gain complete control over a server, with the ability to load and execute any program; add, change or delete any data, including webpages; execute system commands; reconfigure the system; add new users or delete existing ones; and reformat the hard drive.

Microsoft recognizes the seriousness of this vulnerability and strongly recommends that all IIS 5.0 administrators to install the patch immediately.

Microsoft also confirms that a firewall does not protect the network against intrusion in this case. Internet Printing operates over HTTP or HTTPS as part of a web session. As long as an attacker can start a web session with an affected server, that server is vulnerable.

Call for Comments

What do you think? Leave your comments on the message center.

References

Microsoft Security Bulletin
Message Center

Subscribe to ITINFO.
Receive computing and Internet news & tips
by subscribing to the ITINFO information service.
Type your Internet email address in the form, and click "Subscribe."
Email Address:

Damar Group, Ltd. helps business use technology.

ITINFO is again accepting sponsors. Sponsor messages are included in ITINFO's email newsletter and are permanently posted to DGL's website and online reference areas.

ITINFO is an electronic publication of Damar Group, Ltd., publisher of Training Express computer learning guides. Comments and submissions to info@dgl.com.

Previous issues are on our website at http://dgl.com/itinfo/.

updated May 1, 2001
http://dgl.com/itinfo/2001/it010501.html

Return to DGL homepage
Copyright © 2001, Damar Group, Ltd., All Rights Reserved